We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
0.8.0
openssl.cnf is not overwritten during patch. This does not happen with Mariner core image (mcr.microsoft.com/cbl-mariner/base/core)
openssl.cnf is overwritten which may break certain configurations
Create openssl.cnf file with any data
openssl.cnf
Create a Dockerfile with the following contents:
FROM mcr.microsoft.com/cbl-mariner/distroless/base:2.0.20240112 COPY openssl.cnf /etc/pki/tls/
Please note that base image is specifically selected to pin to a version that has an openssl vulnerability
docker build -t openssl:test .
/etc/pki/tls/
copa patch -i openssl:test
The text was updated successfully, but these errors were encountered:
ashnamehrotra
No branches or pull requests
Version of copa
0.8.0
Expected Behavior
openssl.cnf is not overwritten during patch. This does not happen with Mariner core image (mcr.microsoft.com/cbl-mariner/base/core)
Actual Behavior
openssl.cnf is overwritten which may break certain configurations
Steps To Reproduce
Create
openssl.cnf
file with any dataCreate a Dockerfile with the following contents:
docker build -t openssl:test .
openssl.cnf
is in/etc/pki/tls/
path. example: https://oci.dag.dev/layers/sozercan/openssl@sha256:4f15e75c292a2fcb04e55ee4b93cb3449424b9360831490339d3132b1a31a735/etc/pki/tls/copa patch -i openssl:test
openssl.cnf
is overwritten by copa: https://oci.dag.dev/layers/sozercan/openssl:test-patched@sha256:1d703d7013826dadde6c1ed3f32ce8b4b1431b8f1bbeedf7bc92863e2f20fda8/etc/pki/tls/Are you willing to submit PRs to contribute to this bug fix?
The text was updated successfully, but these errors were encountered: